Offshore hacker's wave of calls swamped triple zero

An overseas phone hacker onslaught of more than a thousand offshore calls tripped up the triple zero emergency call service on Saturday morning sparking a government investigation and raising questions about Telstra's handling of the situation which left some Australians waiting up to nine hours for a call back.

Between 6.09am and 7.55am on May 26, there were three short periods where 600 calls at a time were directed to Australia’s 000 call centres, which are run by Telstra. These were ‘blank’ calls with no one on the other end and the high volume resulted in genuine emergency calls from across the country going unanswered.

A second issue on the Triple Zero line is being investigated by the government.

Photo: James Davies

The mass dials originated from a customer of telecommunications company Vocus.

A Vocus spokesman confirmed one of its customers’ phone exchange systems had been compromised “enabling an external party to attempt international toll fraud”. Toll fraud is when a hacker fraudulently gains access to a phone system to make calls.

He said the telco’s fraud filters meant algorithmically-generated attempts to call international numbers failed, but some of the calls included a prefix of 000, which routed to emergency services.

Advertisement

“Steps have been taken to prevent another such occurrence,” he said.

It is understood Australia is often subject to such attacks originating from countries like Poland, though there has been no confirmation about where these specific calls originated from. Lax approaches to security by customers can make telcos more vulnerable to this type of fraud.

During the incident, triple zero calls were answered by operators and directed to a recorded service asking them to press ‘55’ to ensure the dials were genuine.

Telstra holds a multi-million dollar contract with the government to provide the call centre and connections to triple zero for all telcos.

A Telstra spokesman said the telco worked with the government, emergency services and the provider to resolve the issue, in some cases directing repeat calls to police in the state they originated in.

Loading

“There was some impact on call response times during these call bursts and our network otherwise operated normally,” he said.

This is the second recent issue affecting Triple Zero services, after a fire-affected cable pit resulted in a widespread outage of the emergency services line on May 4. This is currently being investigated by the government.

A spokesman for Communications Minister Mitch Fifield confirmed the “issue which occurred on Saturday morning will also be addressed in this report”.

Telcos are hoping this investigation will look into the time it took Telstra to alert them of the issue. Industry sources say some providers were notified after 5.30pm and only given phone numbers of customers who were not connnected to allow call backs even later.

Informing other telcos about an event like mass non-genuine calls is a requirement under the Emergency Call Service Code, which was developed by the Communications Alliance and the Australian Communications and Media Authority (ACMA).

We’re raising further issues about the handling of incidents, including timely sharing of information.

Vodafone spokeswoman

These guidelines do not specify how long Telstra has to alert other providers and analysing what occurred can be a time-consuming process.

An Optus spokeswoman confirmed employees received information about the outage on Saturday evening.

A Vodafone spokeswoman said all carriers rely on Telstra to provide information about calls that don’t reach an operator during a fault, with customers followed up with after the issue.

“As part of ongoing discussions with industry and government about Triple Zero operations, we’re raising further issues about the handling of incidents, including timely sharing of information,” she said.

Communications Alliance chief executive John Stanton said he would “look closely” at any findings or recommendations from the government’s investigation to determine whether the emergency code should be revised.

It is understood several providers are intending to push for a time requirement for notification of outages and issues.